nghttpd: Add --dh-param-file option to support DHE ciphers
parent
9fec34968b
commit
4e81a34146
|
@ -1694,6 +1694,28 @@ int HttpServer::run()
|
||||||
|
|
||||||
#endif // OPENSSL_NO_EC
|
#endif // OPENSSL_NO_EC
|
||||||
|
|
||||||
|
if(!config_->dh_param_file.empty()) {
|
||||||
|
// Read DH parameters from file
|
||||||
|
auto bio = BIO_new_file(config_->dh_param_file.c_str(), "r");
|
||||||
|
if(bio == nullptr) {
|
||||||
|
std::cerr << "BIO_new_file() failed: "
|
||||||
|
<< ERR_error_string(ERR_get_error(), nullptr) << std::endl;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
auto dh = PEM_read_bio_DHparams(bio, nullptr, nullptr, nullptr);
|
||||||
|
|
||||||
|
if(dh == nullptr) {
|
||||||
|
std::cerr << "PEM_read_bio_DHparams() failed: "
|
||||||
|
<< ERR_error_string(ERR_get_error(), nullptr) << std::endl;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
SSL_CTX_set_tmp_dh(ssl_ctx, dh);
|
||||||
|
DH_free(dh);
|
||||||
|
BIO_free(bio);
|
||||||
|
}
|
||||||
|
|
||||||
if(SSL_CTX_use_PrivateKey_file(ssl_ctx,
|
if(SSL_CTX_use_PrivateKey_file(ssl_ctx,
|
||||||
config_->private_key_file.c_str(),
|
config_->private_key_file.c_str(),
|
||||||
SSL_FILETYPE_PEM) != 1) {
|
SSL_FILETYPE_PEM) != 1) {
|
||||||
|
|
|
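Review bot: The failure path after `PEM_read_bio_DHparams()` returns -1 without releasing `bio`, and the result of `SSL_CTX_set_tmp_dh(ssl_ctx, dh)` is never checked, so a parameter file that OpenSSL rejects (it may fail the library's own checks on the group) is silently ignored and the server starts without the DHE suites the option is meant to enable. Because the strength of every DHE handshake is bounded by the DH group in this file, it is also worth refusing parameters below a minimum size here instead of leaving that to the library; `DH_size()` returns the modulus length in bytes. HttpServer::run() starts before the hunk and continues after it. The rewritten tail of the new block is below, with the leak closed by freeing `bio` as soon as the parameters are parsed; the rest of the hunk is unchanged.
```cpp
    auto dh = PEM_read_bio_DHparams(bio, nullptr, nullptr, nullptr);
    // bio is no longer needed once the parameters are parsed; freeing it
    // here covers every return path below.
    BIO_free(bio);

    if(dh == nullptr) {
      std::cerr << "PEM_read_bio_DHparams() failed: "
                << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
      return -1;
    }

    // DH_size() is in bytes. A small group makes every DHE handshake weaker
    // than the suites it is meant to complement; 2048 bits is a suggested floor.
    if(DH_size(dh) * 8 < 2048) {
      std::cerr << "DH parameters in " << config_->dh_param_file
                << " are too small" << std::endl;
      DH_free(dh);
      return -1;
    }

    if(SSL_CTX_set_tmp_dh(ssl_ctx, dh) != 1) {
      std::cerr << "SSL_CTX_set_tmp_dh() failed: "
                << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
      DH_free(dh);
      return -1;
    }
    DH_free(dh);
    // … unchanged: closing brace and SSL_CTX_use_PrivateKey_file() call …
```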
@ -63,6 +63,7 @@ struct Config {
|
||||||
std::string host;
|
std::string host;
|
||||||
std::string private_key_file;
|
std::string private_key_file;
|
||||||
std::string cert_file;
|
std::string cert_file;
|
||||||
|
std::string dh_param_file;
|
||||||
timeval stream_read_timeout;
|
timeval stream_read_timeout;
|
||||||
timeval stream_write_timeout;
|
timeval stream_write_timeout;
|
||||||
void *data_ptr;
|
void *data_ptr;
|
||||||
|
|
|
@ -133,6 +133,10 @@ Options:
|
||||||
Set the number of worker threads.
|
Set the number of worker threads.
|
||||||
Default: 1
|
Default: 1
|
||||||
-e, --error-gzip Make error response gzipped.
|
-e, --error-gzip Make error response gzipped.
|
||||||
|
--dh-param-file=<PATH>
|
||||||
|
Path to file that contains DH parameters in PEM
|
||||||
|
format. Without this option, DHE cipher suites
|
||||||
|
are not available.
|
||||||
--version Display version information and exit.
|
--version Display version information and exit.
|
||||||
-h, --help Display this help and exit.)"
|
-h, --help Display this help and exit.)"
|
||||||
<< std::endl;
|
<< std::endl;
|
||||||
|
@ -159,6 +163,7 @@ int main(int argc, char **argv)
|
||||||
{"no-tls", no_argument, &flag, 1},
|
{"no-tls", no_argument, &flag, 1},
|
||||||
{"color", no_argument, &flag, 2},
|
{"color", no_argument, &flag, 2},
|
||||||
{"version", no_argument, &flag, 3},
|
{"version", no_argument, &flag, 3},
|
||||||
|
{"dh-param-file", required_argument, &flag, 4},
|
||||||
{nullptr, 0, nullptr, 0}
|
{nullptr, 0, nullptr, 0}
|
||||||
};
|
};
|
||||||
int option_index = 0;
|
int option_index = 0;
|
||||||
|
@ -233,6 +238,10 @@ int main(int argc, char **argv)
|
||||||
// version
|
// version
|
||||||
print_version(std::cout);
|
print_version(std::cout);
|
||||||
exit(EXIT_SUCCESS);
|
exit(EXIT_SUCCESS);
|
||||||
|
case 4:
|
||||||
|
// dh-param-file
|
||||||
|
config.dh_param_file = optarg;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|